Too Much Reliance on Customer Education?

I've spent the last several weeks talking with a number of industry experts about fraud and security expectations for the new year. The one overarching theme that keeps coming up? The United States lags the rest of the world when it comes to fraud detection, and that lag is catching up with us.

Information Security Media Group recently released results from its The Faces of Fraud Survey -- a survey we conducted in the fall. We asked bankers and others in the financial space to share their thoughts about fraud, detection tools and investments they plan to make in fraud prevention and security over the next 12 months. Not surprisingly, most institutions said budgetary challenges have hindered investments in fraud prevention. But, going forward, they expect to make strides toward upping their security initiatives. The problem is that some of the expected investments are a bit misguided -- not aimed at targeting the root of most fraud.

This is like trying to act against crime but starting with a dead body and investigating backward, rather than actually trying to stop people from getting whacked in the first place.

Let's take a look at the current landscape. According to our survey, 77 percent of respondents said employee education is the most effective way to prevent fraud, and another 67 percent said customer/member awareness plays the most important role in the fraud fight. But how far can employee and customer or member education and awareness really go?

George Tubin, a fraud analyst with TowerGroup, says education has its boundaries. Simply put: "We have to do more," he says. "Employee education is absolutely necessary, but because of the sheer volume of transaction and the move to electronic transactions, we have to invest in more technology for fraud detection."

I agree. And here is the most striking, and frightening, revelation -- more than three quarters of our survey's respondents say they learn about "most" fraud incidents when customers or members notify them. Yet 43 percent (the third highest) say "lack of customer awareness" is their biggest challenge when it comes to fraud prevention. What's more, 63 percent (the highest) say they spent the last year investing more heavily in employee and customer/member fraud awareness, as a way to reduce vulnerabilities to fraud.

But the effectiveness of their education programs need improvement. Seventy percent of respondents said education and awareness for employees needed help, and other 68 percent said education efforts for commercial and consumer customers needed improvement.

Does there seem to be a disconnect somewhere, or is it just me?

"When is a fraud incident detected? 'When a customer notifies us.' I see that year after year, and it's pretty sad," says Avivah Litan, a distinguished analyst and vice president at Gartner. "It also tells me that there is a lot of fraud they are never detecting, and that a number of fake identities are probably getting through. It could be a fraudster who opens an account and takes out money. If they're relying so much on customer notification, how would they know? If 76 percent say customers notify them of fraud, there's a lot that they are missing."

In a nutshell, fraud detection is getting short-changed, and Litan is not the only one who shared that view. Adam Dolby, who oversees online security and authentication systems for Gemalto North America, says current fraud-detection measures in the U.S. are in need of serious analysis. Continuing to rely on customer notification for fraud detection is not good for business. "This is more of a U.S.-centric mentality," Dolby says. "We see more authentication at the corporate and retail levels in Europe," where authentication solutions are more evolved and sophisticated.

Dolby says U.S. banking institutions are falling victim to what he calls the "CSI phenomenon."

"This is like trying to act against crime but starting with a dead body and investigating backward, rather than actually trying to stop people from getting whacked in the first place," he says.

So, what's the solution? Well, more investments in technology, from cross-channel integration to stronger authentication. Maybe we can learn a thing or two from our European banking brethren. Education, whether it involves the customer or member or the employee, does have a place in a fraud-detection and prevention plan. But it's definitely time for more investment in technology.

About the Author

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years' experience, she covered the financial sector for 10+ years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.